Bugzilla – Bug 910251
VUL-0: CVE-2014-9322 kernel: x86: local privilege escalation due to bad_iret and paranoid entry incompatibility
Last modified: 2022-04-12 14:57:32 UTC
public via oss-sec posting From: Andy Lutomirski <luto@amacapital.net> Subject: [oss-security] Linux kernel: multiple x86_64 vulnerabilities CVE-2014-9322: local privilege escalation, all kernel versions Any kernel that is not patched against CVE-2014-9090 is vulnerable to privilege escalation due to incorrect handling of a #SS fault caused by an IRET instruction. In particular, if IRET executes on a writeable kernel stack (this was always the case before 3.16 and is sometimes the case on 3.16 and newer), the assembly function general_protection will execute with the user's gsbase and the kernel's gsbase swapped. This is likely to be easy to exploit for privilege escalation, except on systems with SMAP or UDEREF. On those systems, assuming that the mitigation works correctly, the impact of this bug may be limited to massive memory corruption and an eventual crash or reboot. As with CVE-2014-9090, this is fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86/kernel/entry_64.S?id=6f442be2fb22be02cafa606f1769fa1e6f894441 The related fix to remove bad_iret is also an effective mitigation to prevent a bug like this from being reintroduced: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86/kernel/entry_64.S?id=b645af2d5905c4e32399005b867987919cbfc3ae Partial credit for this bug goes to Borislav Petkov, who asked pointed questions about CVE-2014-9090, causing me to realize that there were two separate bugs in #SS handling. The first bug (CVE-2014-9090) caused a fatal double fault, masking the second bug that caused the gsbase issue.
Jan, xen-specific entry*.S will also have to be adjusted I guess?
Relevant test cases: https://bugzilla.suse.com/attachment.cgi?id=615885 https://bugzilla.suse.com/attachment.cgi?id=616442
As Boris pushed this out already, Xen patches are now failing to apply. Jan, could you please fix this up so that I can proceed with fast-track SR? Thanks.
(In reply to Jiri Kosina from comment #1) > Jan, xen-specific entry*.S will also have to be adjusted I guess? I don't see why, not the least because it's not the kernel's job to deal with that ESP-fixing (the root cause of the vulnerability iiuc) in the Xen case. The first mentioned fix, removing IST use by #SS, is irrelevant since a Xen kernel - running in ring 3 - can't use IST anyway. The second one, re-working bad_iret, is irrelevant too simply because that code doesn't even exist in entry_64-xen.S.
Ok, thanks. Than the only thing that needs to be done is refereshing patches.xen/xen3-patch-2.6.31 properly so that it applies again then. TIA.
(In reply to Jiri Kosina from comment #5) > Ok, thanks. Than the only thing that needs to be done is refereshing > patches.xen/xen3-patch-2.6.31 properly so that it applies again then. As just explained on the phone, patch context changes are always appropriate to be done in those patches. The original commit should have been done with the context fixed up.
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-12-23. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60036
x86-asm-flip-restore_args-arguments-logic.patch is clearly missing a Xen counterpart to adjust entry_64-xen.S accordingly. I'm not going to be able to fix this today though, the earliest I can hope to find enough time to do so is tomorrow. The Kconfig adjustments are correct (I don't see why X86_16BIT would need suppressing for Xen), merely done mechanically the wrong way (the !XEN additions don't really belong in the original patch, that's exactly what xen3-<original-name> patches should be created for). All other changes missing on the Xen side appear to be benign.
(In reply to Jan Beulich from comment #10) > x86-asm-flip-restore_args-arguments-logic.patch is clearly missing a Xen > counterpart to adjust entry_64-xen.S accordingly. Why would it matter though? It's just a functionally equivalent code cleanup in preparation for further backported changes (which are not going into Xen's entry-64.S anyway). (plus in comment #4 you stated that no updates to Xen's entry code are needed). Thanks.
(In reply to Jiri Kosina from comment #11) > Why would it matter though? It's just a functionally equivalent code cleanup > in preparation for further backported changes (which are not going into > Xen's entry-64.S anyway). No. It's not a functional preparation for one, afaict (all it does it avoid fuzz on two subsequent patches). And if flipping those arguments was benign to users of the macro, the patch wouldn't have to adjust ia32entry.S and entry_64.S either. > (plus in comment #4 you stated that no updates to Xen's entry code are > needed). That was based on the (wrong) assumption that only relevant patches would have got backported (taking the two commits named on the original descriptions as reference), but not (afaict) pure cleanup ones.
(In reply to Jan Beulich from comment #12) > No. It's not a functional preparation for one, afaict (all it does it avoid > fuzz on two subsequent patches). And if flipping those arguments was benign > to users of the macro, the patch wouldn't have to adjust ia32entry.S and > entry_64.S either. Okay, now I see the problem -- entry_64-xen.S is now passing wrong arguments to RESTORE_ARGS. That definitely needs to be fixed indeed. Marcus, please disregard SR#47559 from yesterday (I will be writing separate mail about this), Xen will be terminally broken there. I will do another one once Xen counterpart is fixed. > > (plus in comment #4 you stated that no updates to Xen's entry code are > > needed). > > That was based on the (wrong) assumption that only relevant patches would > have got backported (taking the two commits named on the original > descriptions as reference), but not (afaict) pure cleanup ones. In this case I agree with Boris that it's much better to have the code as close to upstream as possible, than to be completely on our own with a code that noone else is running. So please, Boris or Jan, whoever manages to do it first, please update entry-64_xen.S usage of RESTORE_ARGS() so that it's correct. Thanks.
(In reply to Jan Beulich from comment #10) > x86-asm-flip-restore_args-arguments-logic.patch is clearly missing a Xen > counterpart to adjust entry_64-xen.S accordingly. I'm not going to be able > to fix this today though, the earliest I can hope to find enough time to do > so is tomorrow. This might be too late for Security team. Please let me know why the patch that just swaps the arguments of RESTORE_ARGS is not enough. > All other changes missing on the Xen side appear to be benign. Thanks a lot for checking.
Created attachment 617643 [details] [PATCH] xen counterpart of x86-asm-flip-restore_args-arguments-logic.patch Please let me know if it's acceptable to create patches.xen/xen-x86-asm-flip-restore_args-arguments-logic.patch with this contents and apply it to the end of Xen series.
Created attachment 617644 [details] [PATCH v2] xen counterpart of x86-asm-flip-restore_args-arguments-logic.patch
Please provide your Ack to patch from comment#16 to be added as patches.xen/xen-x86-asm-flip-restore_args-arguments-logic.patch Thanks.
(In reply to Jiri Kosina from comment #17) > Please provide your Ack to patch from comment#16 to be added as > patches.xen/xen-x86-asm-flip-restore_args-arguments-logic.patch Yes, that's exactly what I would have created content-wise. Naming and suggested placement are wrong, but in a benign way, i.e. I can take care of this later.
(In reply to Jiri Kosina from comment #16) > Created attachment 617644 [details] > [PATCH v2] xen counterpart of > x86-asm-flip-restore_args-arguments-logic.patch FWIW I've done the same thing in SLE11-SP1-TD tree (modulo different position of RESTORE_ARGS) and I do not seem to have a variant with 4 arguments. You are just missing 32b counterpart, no?
(In reply to Michal Hocko from comment #19) > You are just missing 32b counterpart, no? arch/x86/ia32/ia32entry-xen.S doesn't use RESTORE_ARGS, so all should be good.
(In reply to Jiri Kosina from comment #20) > (In reply to Michal Hocko from comment #19) > > > You are just missing 32b counterpart, no? > > arch/x86/ia32/ia32entry-xen.S doesn't use RESTORE_ARGS, so all should be > good. OK, this is the case for SLE11-SP1-TD as well I just wasn't sure this is the case for 11sp3. 32b in TD branch is a poor mans version as we do not even build it so it could have been missing something. Better to double check though. I am still fighting to put all the parts together so I didn't get to it myself.
Pushed to SLE11-SP3 as commit 49252b3dc0aa8f682ad2896e12dda1f2dee4ae55 Author: Jiri Kosina <jkosina@suse.cz> Date: Wed Dec 17 12:02:30 2014 +0100 x86, asm, xen: Flip RESTORE_ARGS arguments logic (bnc#910251 CVE-9322).
pushed to SLE11-SP1-TD tree
Btw, we might have some ABI issue after the set_thread_area fix 0e58af4e1d21 ("x86/tls: Disallow unusual TLS segments") https://lkml.kernel.org/r/d7875b60e28c512f6a6fc0baf5714d58e7eaadbb.1418856405.git.luto@amacapital.net Let's keep it in the bag for now and deal with the sec issue first.
(In reply to Borislav Petkov from comment #25) > Btw, we might have some ABI issue after the set_thread_area fix 0e58af4e1d21 > ("x86/tls: Disallow unusual TLS segments") > > https://lkml.kernel.org/r/d7875b60e28c512f6a6fc0baf5714d58e7eaadbb. > 1418856405.git.luto@amacapital.net > > Let's keep it in the bag for now and deal with the sec issue first. JFTR, I didn't pull 0e58af4e1d2166e9e33375a0f121e4867010d4f8 into SLE11-SP1-TD because it felt like nice-to-have rather than must... so we do not have kABI issue in this kernel.
(In reply to Michal Hocko from comment #26) > JFTR, I didn't pull 0e58af4e1d2166e9e33375a0f121e4867010d4f8 into > SLE11-SP1-TD because it felt like nice-to-have rather than must... so > we do not have kABI issue in this kernel. Why not? You're not enabling the espfix on TD kernels?
(In reply to Borislav Petkov from comment #27) > (In reply to Michal Hocko from comment #26) > > JFTR, I didn't pull 0e58af4e1d2166e9e33375a0f121e4867010d4f8 into > > SLE11-SP1-TD because it felt like nice-to-have rather than must... so > > we do not have kABI issue in this kernel. > > Why not? You're not enabling the espfix on TD kernels? No, it is disabled: +config X86_ESPFIX64 + def_bool y -+ depends on X86_64 && BROKEN ++ depends on X86_64 && !XEN && BROKEN
(In reply to Michal Hocko from comment #28) > (In reply to Borislav Petkov from comment #27) > > (In reply to Michal Hocko from comment #26) > > > JFTR, I didn't pull 0e58af4e1d2166e9e33375a0f121e4867010d4f8 into > > > SLE11-SP1-TD because it felt like nice-to-have rather than must... so > > > we do not have kABI issue in this kernel. > > > > Why not? You're not enabling the espfix on TD kernels? > > No, it is disabled: > +config X86_ESPFIX64 > + def_bool y > -+ depends on X86_64 && BROKEN > ++ depends on X86_64 && !XEN && BROKEN Dohh, bad commit, but you got a point. ESPFIX is depending on BROKEN in SLE11-SP1-TD because it is not compileable due to missing infrastructure which I really didn't want to pull in. Read more in f3e54e82d5e47cbd56122bb02287af4e15ad3ea3
(In reply to Borislav Petkov from comment #25) > Btw, we might have some ABI issue after the set_thread_area fix 0e58af4e1d21 > ("x86/tls: Disallow unusual TLS segments") > > https://lkml.kernel.org/r/d7875b60e28c512f6a6fc0baf5714d58e7eaadbb. > 1418856405.git.luto@amacapital.net > > Let's keep it in the bag for now and deal with the sec issue first. Yeah, I got confused. 0e58af4e1d21 is the second fix which we decided not to pick up due to ABI breakage. We might reconsider those two commits as a security precation not to allow funny segments: commit 0e58af4e1d2166e9e33375a0f121e4867010d4f8 Author: Andy Lutomirski <luto@amacapital.net> Date: Thu Dec 4 16:48:17 2014 -0800 x86/tls: Disallow unusual TLS segments Users have no business installing custom code segments into the GDT, and segments that are not present but are otherwise valid are a historical source of interesting attacks. ... Oh well, later.
(just to confirm here, does this specific issue affect SLES 10?)
(In reply to Marcus Meissner from comment #31) > (just to confirm here, does this specific issue affect SLES 10?) see bug 910251 comment 22. I know this is confusing but we do not have PoC for the escalation but from what I've read from Andy, if we can crash the kernel we can also escalate privs. (with a different code of course).
openSUSE-SU-2014:1669-1: An update that solves 22 vulnerabilities and has 5 fixes is now available. Category: security (important) Bug References: 768714,818561,835839,853040,865882,882639,883518,883724,883948,887082,889173,890624,892490,896382,896385,896390,896391,896392,896689,899785,904013,904700,905100,905764,907818,909077,910251 CVE References: CVE-2013-2889,CVE-2013-2891,CVE-2014-3181,CVE-2014-3182,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-4171,CVE-2014-4508,CVE-2014-4608,CVE-2014-4943,CVE-2014-5077,CVE-2014-5471,CVE-2014-5472,CVE-2014-6410,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-8709,CVE-2014-8884,CVE-2014-9090,CVE-2014-9322 Sources used: openSUSE 12.3 (src): kernel-docs-3.7.10-1.45.2, kernel-source-3.7.10-1.45.1, kernel-syms-3.7.10-1.45.1
openSUSE-SU-2014:1677-1: An update that solves 31 vulnerabilities and has 12 fixes is now available. Category: security (important) Bug References: 818966,835839,853040,856659,864375,865882,873790,875051,881008,882639,882804,883518,883724,883948,883949,884324,887046,887082,889173,890114,891689,892490,893429,896382,896385,896390,896391,896392,896689,897736,899785,900392,902346,902349,902351,904013,904700,905100,905744,907818,908163,909077,910251 CVE References: CVE-2013-2891,CVE-2013-2898,CVE-2014-0181,CVE-2014-0206,CVE-2014-1739,CVE-2014-3181,CVE-2014-3182,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-4171,CVE-2014-4508,CVE-2014-4608,CVE-2014-4611,CVE-2014-4943,CVE-2014-5077,CVE-2014-5206,CVE-2014-5207,CVE-2014-5471,CVE-2014-5472,CVE-2014-6410,CVE-2014-7826,CVE-2014-7841,CVE-2014-7975,CVE-2014-8133,CVE-2014-8709,CVE-2014-9090,CVE-2014-9322 Sources used: openSUSE 13.1 (src): cloop-2.639-11.16.1, crash-7.0.2-2.16.1, hdjmod-1.28-16.16.1, ipset-6.21.1-2.20.1, iscsitarget-1.4.20.3-13.16.1, kernel-docs-3.11.10-25.2, kernel-source-3.11.10-25.1, kernel-syms-3.11.10-25.1, ndiswrapper-1.58-16.1, pcfclock-0.44-258.16.1, vhba-kmp-20130607-2.17.1, virtualbox-4.2.18-2.21.1, xen-4.3.2_02-30.1, xtables-addons-2.3-2.16.1
openSUSE-SU-2014:1678-1: An update that solves 8 vulnerabilities and has 22 fixes is now available. Category: security (important) Bug References: 665315,856659,897112,897736,900786,902346,902349,902351,902632,902633,902728,903748,903986,904013,904097,904289,904417,904539,904717,904932,905068,905100,905329,905739,906914,907818,908163,908253,909077,910251 CVE References: CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-9090,CVE-2014-9322 Sources used: openSUSE 13.2 (src): kernel-docs-3.16.7-7.2, kernel-obs-build-3.16.7-7.3, kernel-obs-qa-3.16.7-7.2, kernel-obs-qa-xen-3.16.7-7.2, kernel-source-3.16.7-7.1, kernel-syms-3.16.7-7.1
SUSE-SU-2014:1695-1: An update that solves 24 vulnerabilities and has 28 fixes is now available. Category: security (important) Bug References: 755743,779488,800255,835839,851603,853040,857643,860441,868049,873228,876633,883724,883948,885077,887418,888607,891211,891368,891790,892782,893758,894058,894895,895387,895468,896382,896390,896391,896392,896415,897502,897694,897708,898295,898375,898554,899192,899574,899843,901638,902346,902349,903331,903653,904013,904358,904700,905100,905522,907818,909077,910251 CVE References: CVE-2012-4398,CVE-2013-2889,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-7263,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-4508,CVE-2014-4608,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-8709,CVE-2014-8884,CVE-2014-9090,CVE-2014-9322 Sources used: SUSE Linux Enterprise Server 11 SP3 for VMware (src): kernel-bigsmp-3.0.101-0.46.1, kernel-default-3.0.101-0.46.1, kernel-source-3.0.101-0.46.1, kernel-syms-3.0.101-0.46.1, kernel-trace-3.0.101-0.46.1, kernel-xen-3.0.101-0.46.1 SUSE Linux Enterprise Server 11 SP3 (src): kernel-bigsmp-3.0.101-0.46.1, kernel-default-3.0.101-0.46.1, kernel-ec2-3.0.101-0.46.1, kernel-source-3.0.101-0.46.1, kernel-syms-3.0.101-0.46.1, kernel-trace-3.0.101-0.46.1, kernel-xen-3.0.101-0.46.1, xen-4.2.5_02-0.7.9 SUSE Linux Enterprise High Availability Extension 11 SP3 (src): cluster-network-1.4-2.27.120, gfs2-2-0.16.126, ocfs2-1.6-0.20.120 SUSE Linux Enterprise Desktop 11 SP3 (src): kernel-bigsmp-3.0.101-0.46.1, kernel-default-3.0.101-0.46.1, kernel-source-3.0.101-0.46.1, kernel-syms-3.0.101-0.46.1, kernel-trace-3.0.101-0.46.1, kernel-xen-3.0.101-0.46.1, xen-4.2.5_02-0.7.9 SLE 11 SERVER Unsupported Extras (src): kernel-bigsmp-3.0.101-0.46.1, kernel-default-3.0.101-0.46.1, kernel-xen-3.0.101-0.46.1
SUSE-SU-2014:1698-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 907818,909077,910251 CVE References: CVE-2014-8133,CVE-2014-9090,CVE-2014-9322 Sources used: SUSE Linux Enterprise Server 11 SP2 LTSS (src): kernel-default-3.0.101-0.7.27.1, kernel-ec2-3.0.101-0.7.27.1, kernel-source-3.0.101-0.7.27.1, kernel-syms-3.0.101-0.7.27.1, kernel-trace-3.0.101-0.7.27.1, kernel-xen-3.0.101-0.7.27.1, xen-4.1.6_08-0.5.5 SUSE Linux Enterprise Server 11 SP1 LTSS (src): kernel-default-2.6.32.59-0.17.1, kernel-ec2-2.6.32.59-0.17.1, kernel-source-2.6.32.59-0.17.1, kernel-syms-2.6.32.59-0.17.1, kernel-trace-2.6.32.59-0.17.1, kernel-xen-2.6.32.59-0.17.1, xen-4.0.3_21548_18-0.9.2 SLE 11 SERVER Unsupported Extras (src): ext4-writeable-0-0.14.132, kernel-default-2.6.32.59-0.17.1, kernel-default-3.0.101-0.7.27.1, kernel-xen-2.6.32.59-0.17.1, kernel-xen-3.0.101-0.7.27.1
openSUSE-SU-2014:1735-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (important) Bug References: 907818,909077,910251 CVE References: CVE-2014-8133,CVE-2014-9090 Sources used: openSUSE Evergreen 11.4 (src): kernel-docs-3.0.101-95.2, kernel-source-3.0.101-95.1, kernel-syms-3.0.101-95.1, preload-1.2-6.73.1
Ok, this has been pushed to all trees by now, let's go ahead and close it. Feel free to reopen if more handling is needed.
SUSE-SU-2014:1695-2: An update that solves 24 vulnerabilities and has 28 fixes is now available. Category: security (important) Bug References: 755743,779488,800255,835839,851603,853040,857643,860441,868049,873228,876633,883724,883948,885077,887418,888607,891211,891368,891790,892782,893758,894058,894895,895387,895468,896382,896390,896391,896392,896415,897502,897694,897708,898295,898375,898554,899192,899574,899843,901638,902346,902349,903331,903653,904013,904358,904700,905100,905522,907818,909077,910251 CVE References: CVE-2012-4398,CVE-2013-2889,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-7263,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-4508,CVE-2014-4608,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-8709,CVE-2014-8884,CVE-2014-9090,CVE-2014-9322 Sources used: SUSE Linux Enterprise Real Time Extension 11 SP3 (src): cluster-network-1.4-2.27.121, drbd-kmp-8.4.4-0.22.87, iscsitarget-1.4.20-0.38.106, kernel-rt-3.0.101.rt130-0.32.1, kernel-rt_trace-3.0.101.rt130-0.32.1, kernel-source-rt-3.0.101.rt130-0.32.1, kernel-syms-rt-3.0.101.rt130-0.32.1, lttng-modules-2.1.1-0.11.96, ocfs2-1.6-0.20.121, ofed-1.5.4.1-0.13.112
SUSE-SU-2015:0068-1: An update that solves 11 vulnerabilities and has 62 fixes is now available. Category: security (important) Bug References: 851603,853040,860441,862957,863526,870498,873228,874025,877622,879255,880767,880892,881085,883139,887046,887382,887418,889295,889297,891259,891619,892254,892612,892650,892860,893454,894057,894863,895221,895387,895468,895680,895983,896391,897101,897736,897770,897912,898234,898297,899192,899489,899551,899785,899787,899908,900126,901090,901774,901809,901925,902010,902016,902346,902893,902898,903279,903307,904013,904077,904115,904354,904871,905087,905100,905296,905758,905772,907818,908184,909077,910251,910697 CVE References: CVE-2013-6405,CVE-2014-3185,CVE-2014-3610,CVE-2014-3611,CVE-2014-3647,CVE-2014-3673,CVE-2014-7826,CVE-2014-7841,CVE-2014-8133,CVE-2014-9090,CVE-2014-9322 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): kernel-docs-3.12.32-33.3, kernel-obs-build-3.12.32-33.1 SUSE Linux Enterprise Server 12 (src): kernel-source-3.12.32-33.1, kernel-syms-3.12.32-33.1 SUSE Linux Enterprise Desktop 12 (src): kernel-source-3.12.32-33.1, kernel-syms-3.12.32-33.1
openSUSE-SU-2015:0566-1: An update that solves 38 vulnerabilities and has 13 fixes is now available. Category: security (important) Bug References: 771619,778463,833588,835839,847652,853040,864049,865442,867531,867723,870161,875051,876633,880892,883096,883724,883948,887082,892490,892782,895680,896382,896390,896391,896392,897995,898693,899192,901885,902232,902346,902349,902351,902675,903640,904013,904700,905100,905312,905799,906586,907189,907338,907396,907818,909077,909078,910251,912654,912705,915335 CVE References: CVE-2012-4398,CVE-2013-2893,CVE-2013-2897,CVE-2013-2899,CVE-2013-2929,CVE-2013-7263,CVE-2014-0131,CVE-2014-0181,CVE-2014-2309,CVE-2014-3181,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3601,CVE-2014-3610,CVE-2014-3646,CVE-2014-3647,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4508,CVE-2014-4608,CVE-2014-4943,CVE-2014-5471,CVE-2014-5472,CVE-2014-7826,CVE-2014-7841,CVE-2014-7842,CVE-2014-8133,CVE-2014-8134,CVE-2014-8369,CVE-2014-8559,CVE-2014-8709,CVE-2014-9090,CVE-2014-9322,CVE-2014-9584,CVE-2014-9585 Sources used: openSUSE Evergreen 11.4 (src): kernel-docs-3.0.101-99.2, kernel-source-3.0.101-99.1, kernel-syms-3.0.101-99.1, preload-1.2-6.77.1
SUSE-SU-2015:0736-1: An update that solves 21 vulnerabilities and has 69 fixes is now available. Category: security (important) Bug References: 771619,816099,829110,833588,833820,846656,853040,856760,864401,864404,864409,864411,865419,875051,876086,876594,877593,882470,883948,884817,887597,891277,894213,895841,896484,900279,900644,902232,902349,902351,902675,903096,903640,904053,904242,904659,904671,905304,905312,905799,906586,907196,907338,907551,907611,907818,908069,908163,908393,908550,908551,908572,908825,909077,909078,909088,909092,909093,909095,909264,909565,909740,909846,910013,910150,910159,910251,910321,910322,910517,911181,911325,911326,912171,912705,913059,914355,914423,914726,915209,915322,915335,915791,915826,916515,916982,917839,917884,920250,924282 CVE References: CVE-2013-7263,CVE-2014-0181,CVE-2014-3687,CVE-2014-3688,CVE-2014-3690,CVE-2014-4608,CVE-2014-7822,CVE-2014-7842,CVE-2014-7970,CVE-2014-8133,CVE-2014-8134,CVE-2014-8160,CVE-2014-8369,CVE-2014-8559,CVE-2014-9090,CVE-2014-9322,CVE-2014-9419,CVE-2014-9420,CVE-2014-9584,CVE-2014-9585,CVE-2015-1593 Sources used: SUSE Linux Enterprise Real Time Extension 11 SP3 (src): cluster-network-1.4-2.28.1.14, drbd-kmp-8.4.4-0.23.1.14, iscsitarget-1.4.20-0.39.1.14, kernel-rt-3.0.101.rt130-0.33.36.1, kernel-rt_trace-3.0.101.rt130-0.33.36.1, kernel-source-rt-3.0.101.rt130-0.33.36.1, kernel-syms-rt-3.0.101.rt130-0.33.36.1, lttng-modules-2.1.1-0.12.1.13, ocfs2-1.6-0.21.1.14, ofed-1.5.4.1-0.14.1.14
SUSE-SU-2015:0812-1: An update that fixes 39 vulnerabilities is now available. Category: security (important) Bug References: 677286,679812,681175,681999,683282,685402,687812,730118,730200,738400,758813,760902,769784,823260,846404,853040,854722,863335,874307,875051,880484,883223,883795,885422,891844,892490,896390,896391,896779,902346,907818,908382,910251,911325 CVE References: CVE-2011-1090,CVE-2011-1163,CVE-2011-1476,CVE-2011-1477,CVE-2011-1493,CVE-2011-1494,CVE-2011-1495,CVE-2011-1585,CVE-2011-4127,CVE-2011-4132,CVE-2011-4913,CVE-2011-4914,CVE-2012-2313,CVE-2012-2319,CVE-2012-3400,CVE-2012-6657,CVE-2013-2147,CVE-2013-4299,CVE-2013-6405,CVE-2013-6463,CVE-2014-0181,CVE-2014-1874,CVE-2014-3184,CVE-2014-3185,CVE-2014-3673,CVE-2014-3917,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-5471,CVE-2014-5472,CVE-2014-9090,CVE-2014-9322,CVE-2014-9420,CVE-2014-9584,CVE-2015-2041 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): kernel-bigsmp-2.6.16.60-0.132.1, kernel-debug-2.6.16.60-0.132.1, kernel-default-2.6.16.60-0.132.1, kernel-kdump-2.6.16.60-0.132.1, kernel-kdumppae-2.6.16.60-0.132.1, kernel-smp-2.6.16.60-0.132.1, kernel-source-2.6.16.60-0.132.1, kernel-syms-2.6.16.60-0.132.1, kernel-vmi-2.6.16.60-0.132.1, kernel-vmipae-2.6.16.60-0.132.1, kernel-xen-2.6.16.60-0.132.1, kernel-xenpae-2.6.16.60-0.132.1